Cryptocurrency Hacks Soar to $2 Billion in Q1 2025: Access Control Exploits Lead the Surge

The first quarter of 2025 witnessed a staggering $2 billion in losses due to cryptocurrency hacks, according to a new report. A significant portion of these losses, approximately $1.63 billion, stemmed from vulnerabilities in access control systems, as highlighted by the cybersecurity firm, Hacken.

Hacken’s report, corroborated by data from PeckShield (excluding scams), paints a grim picture of the evolving threat landscape. The substantial losses underscore a critical need for enhanced security measures across the cryptocurrency industry.

The alarming figures are largely attributed to the high-profile Bybit exchange hack, which resulted in losses exceeding $1.4 billion. North Korean state-sponsored hackers were identified as the perpetrators, demonstrating the escalating sophistication and scale of attacks leveraging compromised multisignature wallets and vulnerable front ends.

The Hacken report emphasizes that securing digital assets requires a holistic approach. Addressing vulnerabilities in the entire infrastructure, including front-end interfaces and internal processes, is crucial to prevent future breaches. The reliance on secure on-chain code alone is insufficient.

Beyond Technical Vulnerabilities

The report further reveals that while smart contract vulnerabilities remain a concern, human error, process failures, and weaknesses in permission systems are contributing significantly to the escalating losses. The trend continues with multisignature wallet-related hacks being the leading cause of breaches for the third consecutive quarter.

Notable examples include the exploitation of the Safe{Wallet} front-end in the Bybit hack, along with previous incidents involving Radiant Capital and WazirX. This highlights the need for robust security protocols extending beyond just the technical aspects of cryptocurrency systems.

The Rise of Organized Crypto Scams

The report also sheds light on the alarming professionalization of cryptocurrency scams. Losses attributed to phishing attacks reached $96.37 million, while rug pulls accounted for an additional $300 million. The rise of platforms like Huione Pay, facilitating the laundering of funds from these increasingly sophisticated criminal operations, is a particularly troubling development.

The growth of organized crime in the crypto space, including the use of human trafficking, underlines the need for a multi-pronged approach to combating this evolving threat. Enhanced regulatory oversight, improved user education, and stronger international collaboration are necessary to effectively tackle the problem.

This situation underscores the need for heightened vigilance, robust security practices, and collaborative efforts across the cryptocurrency ecosystem to mitigate the escalating risks.